﻿<%
'作者：山林客（ah_bill）
'博客：http://ruizhinet.blog.163.com
'网站：http://www.ruizhinet.cn
'本信息不会影响您网站的正常访问，请保留
' Globals shared by the functions below. params is deliberately global:
' StopInjection's For Each assigns it and CheckBadChar/InsertInfo read it.
Dim Inj_Keywords,Inj_LockIP,Inj_RecordInfo,Inj_AlertURL,Inj_AlertInformation,Inj_StopInformation,Inj_StopType,Inj_TheSafePages,Inj_SafePage,Temp_Inj_SafePages,Temp_Inj_Keywords,params
' Settings are read through app(...), which is defined elsewhere
' (presumably a wrapper over Application variables — confirm).
' NOTE(review): ReHTMLEncode is also defined elsewhere. If it HTML-encodes,
' a keyword containing < or > would be stored encoded and never match the
' raw request text scanned in CheckBadChar — confirm what it does.
Inj_Keywords = ReHTMLEncode(app("rz_inj_keywords"))
' 1 = refuse requests from addresses flagged Bad_IsKilled in c_sqlrecords
Inj_LockIP = app("rz_inj_lockIP")
' 1 = write a c_sqlrecords row for every blocked request
Inj_RecordInfo = app("rz_inj_recordInfo")
' Redirect target used by AlertInfo for Inj_StopType 3 and 4
Inj_AlertURL = app("rz_inj_alertURL")
' Message shown by AlertInfo when a keyword matches
Inj_AlertInformation = app("rz_inj_alertInformation")
' Message shown by StopIP when the address is blocked
Inj_StopInformation =app("rz_inj_stopInformation")
' Selects which script AlertInfo emits (1-4, see AlertInfo)
Inj_StopType = app("rz_inj_stopType")
' "|"-separated page-name fragments that are exempt from scanning
Inj_TheSafePages = app("rz_inj_theSafePages")
' 1 = honour the safe-page list
Inj_SafePage = app("rz_inj_openSafePage")
' Both lists are "|"-separated; an empty entry (e.g. a trailing "|")
' survives the split and is matched by Instr, see StopInjection/CheckBadChar.
Temp_Inj_SafePages = split(Inj_TheSafePages,"|")
Temp_Inj_Keywords = split(Inj_Keywords,"|")
' Order matters: the blocked-address check runs first, then each request
' collection is scanned. The <>"" tests presumably compare the
' collection's default (raw string) property — confirm.
If Inj_LockIP=1 Then StopIP
If Request.Form<>"" Then StopInjection(Request.Form)
If Request.QueryString<>"" Then StopInjection(Request.QueryString)
If Request.Cookies<>"" Then StopInjection(Request.Cookies)
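Function StopIP()
	' Refuse the request outright when the caller's address has a
	' c_sqlrecords row with Bad_IsKilled=1: emit the stop script
	' (Inj_StopInformation) and end the response. Uses the shared conn.
	Dim UserIP, StopIpSql, rsStopIP, isKilled
	UserIP = Request.ServerVariables("REMOTE_ADDR") & ""
	' The query is string-built, so the address value has its single
	' quotes doubled before being spliced into the literal.
	StopIpSql = "select Bad_IP from c_sqlrecords where Bad_IP='" & Replace(UserIP, "'", "''") & "' and Bad_IsKilled=1"
	Set rsStopIP = conn.execute(StopIpSql)
	isKilled = Not (rsStopIP.eof Or rsStopIP.bof)
	' Close and release the recordset before Response.End, which aborts the
	' rest of this function (the original never reached its close when the
	' address was blocked).
	rsStopIP.close
	Set rsStopIP = Nothing
	If isKilled Then
		AlertInfo(Inj_StopInformation)
		Response.End
	End If
End Function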

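Function AlertInfo(Inj_AlertInformation)
	' Write an inline script that closes the window and/or redirects the
	' browser, chosen by the global Inj_StopType (1-4; any other value emits
	' an empty script element). The parameter shadows the global of the same
	' name. The message and Inj_AlertURL are admin configuration, but they are
	' embedded inside single-quoted JS string literals, so a backslash,
	' apostrophe or "</" in them is escaped here instead of being allowed to
	' terminate the literal or the script element.
	Dim str, msg, target
	msg = Replace(Replace(Replace(Inj_AlertInformation & "", "\", "\\"), "'", "\'"), "</", "<\/")
	target = Replace(Replace(Replace(Inj_AlertURL & "", "\", "\\"), "'", "\'"), "</", "<\/")
	' The tag is assembled from pieces, presumably so this include never
	' contains a literal script tag itself (kept from the original).
	str = "<" & "script type='text/javascript' language='javascript'" & ">"
	Select Case Inj_StopType
		Case 1
			str = str & "window.opener=null; window.close();"
		Case 2
			str = str & "alert('" & msg & "\n\n');window.opener=null; window.close();"
		Case 3
			str = str & "location.href='" & target & "';"
		Case 4
			str = str & "alert('" & msg & "');location.href='" & target & "';"
	End Select
	str = str & "<" & "/script" & ">"
	Response.Write str
End Function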

Function intype(values)
	' Map a request collection to the label stored in Bad_PostOrGet.
	' NOTE(review): Select Case compares values against each collection
	' with "=", which for these objects presumably falls back to the
	' default property (the raw request string) — confirm; two collections
	' with identical raw content would then be indistinguishable.
	' There is no Case Else, so an unrecognised argument returns Empty.
	Select Case values
		Case Request.Form
			intype = "Post"
		Case Request.QueryString
			intype = "Get"
		Case Request.Cookies
			intype = "Cookies"
	end Select
End Function 

Function PageName()
    ' Return the last path segment of the requested URL (the script name),
    ' as read from Request.ServerVariables("URL").
    Dim fullUrl, slashPos
    fullUrl = Request.ServerVariables("URL")
    slashPos = InstrRev(fullUrl, "/")
    PageName = Mid(fullUrl, slashPos + 1)
End Function

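Function StopInjection(values)
	' Scan every entry of one request collection (Form, QueryString or
	' Cookies) against the keyword list via CheckBadChar. When safe-page
	' mode is on (Inj_SafePage = 1) and the current page name contains an
	' entry of Temp_Inj_SafePages, the collection is not scanned at all.
	' Assigns the global params, which CheckBadChar/InsertInfo read.
	Dim temp_i, currentPage, safeEntry
	' The safe-page decision does not depend on the parameter, so it is made
	' once up front instead of once per entry of the collection.
	If Inj_SafePage = 1 Then
		currentPage = LCase(PageName)
		For temp_i = 0 To UBound(Temp_Inj_SafePages)
			safeEntry = LCase(Trim(Temp_Inj_SafePages(temp_i)))
			' Instr(x, "") returns 1, so an empty entry (e.g. from a trailing
			' "|" in the setting) would otherwise exempt every page.
			If safeEntry <> "" Then
				If Instr(currentPage, safeEntry) > 0 Then Exit Function
			End If
		Next
	End If
	For Each params In values
		CheckBadChar(values)
	Next
End Function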

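Function CheckBadChar(values)
	' Test the current request entry (global params, set by the caller's
	' For Each) against every configured keyword, case-insensitively. On the
	' first match: record it when Inj_RecordInfo = 1, emit the alert script
	' and end the response.
	Dim temp_j, data, keyword
	data = LCase(values(params) & "")
	For temp_j = 0 To UBound(Temp_Inj_Keywords)
		' The input is lower-cased, so the keyword must be too or a keyword
		' written with capitals would never match.
		keyword = LCase(Trim(Temp_Inj_Keywords(temp_j)))
		' Instr(x, "") returns 1, so an empty keyword (e.g. from a trailing
		' "|" in the setting) would otherwise flag every request.
		If keyword <> "" Then
			If Instr(data, keyword) > 0 Then
				If Inj_RecordInfo = 1 Then InsertInfo(values)
				AlertInfo(Inj_AlertInformation)
				Response.End
			End If
		End If
	Next
End Function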

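Function InsertInfo(values)
	' Record the blocked request (caller address, page, method label,
	' parameter name and HTML-encoded value) in c_sqlrecords, then close and
	' release the shared conn. Reads the global params set by StopInjection.
	' Closing conn here has only been acceptable because the caller issues
	' Response.End straight afterwards; reuse elsewhere would need to drop it.
	Dim ip, url, sql, method, paramName, data
	' The statement is string-built, so every spliced value has its single
	' quotes doubled. params is the parameter *name* and comes straight from
	' the request (the keyword scan only looks at values), so it was the
	' unescaped one; the rest are escaped for consistency.
	ip = Replace(Request.ServerVariables("REMOTE_ADDR") & "", "'", "''")
	url = Replace(Request.ServerVariables("URL") & "", "'", "''")
	method = Replace(intype(values) & "", "'", "''")
	paramName = Replace(params & "", "'", "''")
	data = Replace(HTMLEncodeSimple(values(params)) & "", "'", "''")
	sql = "insert into c_sqlrecords(Bad_IP,Bad_FromPage,Bad_PostOrGet,Bad_Parameters,Bad_Data) values('" & ip & "','" & url & "','" & method & "','" & paramName & "','" & data & "')"
	conn.Execute(sql)
	conn.close
	Set conn = Nothing
End Function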

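Function HTMLEncodeSimple(str)
	' Minimal HTML escaping for text that will later be rendered from
	' c_sqlrecords. Escapes the five characters that can change HTML
	' structure: & (first, so the other entities are not double-encoded),
	' < > " and '. The original mapped ' to a bare " (lossy, and " itself
	' was left unescaped) and left & untouched.
	' A local copy is used because VBScript passes arguments ByRef by
	' default: the original assigned to str and so modified a caller's
	' variable. Null/Empty input yields "".
	Dim out
	out = str & ""
	out = Replace(out, "&", "&amp;")
	out = Replace(out, "<", "&lt;")
	out = Replace(out, ">", "&gt;")
	out = Replace(out, """", "&quot;")
	out = Replace(out, "'", "&#39;")
	HTMLEncodeSimple = out
End Function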
%>